{"data":{"id":"dc09dd6c-0090-4c29-a8da-250ef0aa6bcb","title":"CVE-2026-54324: Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.1","summary":"Daytona is a platform that runs code generated by AI safely and efficiently. Before version 0.185.0, it had a cross-tenant authorization flaw (a security problem where access controls between separate organizations failed), which let any logged-in user listen to another organization's real-time notifications and see their events without permission.","solution":"This vulnerability is fixed in version 0.185.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54324","publishedAt":"2026-06-23T18:18:09.143Z","cveId":"CVE-2026-54324","cweIds":["CWE-639","CWE-863"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Daytona"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-23T18:18:09.143Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}